Rotunda Software takes every measure to ensure that your data remains completely secure, both when it is stored on Rotunda's cloud servers and when that data is in transmission to and from those servers.

Rotunda's web servers are housed in the secure data centers of Amazon Web Services (AWS). AWS has achieved ISO 27001 certification and has successfully completed multiple SAS70 Type II security audits. The U.S. government has awarded AWS an approval to operate at the FISMA-Low level, which means that government agencies operating on AWS infrastructure can achieve compliance with the Federal Information Security Management Act (FISMA). Additionally, AWS customers have built healthcare applications compliant with HIPAA's Security and Privacy Rules on AWS. Detailed information on AWS's security and compliance is available directly from Amazon.

Data in Transmission

All communication between client software and Rotunda's cloud servers is encrypted with the government-approved 128-bit AES algorithm. This is the same encryption technology that is used to encrypt your financial information when you access your bank account online. Also, when volunteers access their schedules, the connection between their web browser and the Rotunda server is secured with SSL, the industry-standard technology used to encrypt sensitive data.

PCI Compliance & Credit Card Info

Rotunda is certified as compliant with the Payment Card Industry Data Security Standard, a set of requirements designed to ensure that companies that process credit card information maintain a secure environment. All software payments are processed through the industry-standard authorize.net. We do not store credit card numbers or security codes in our infrastructure. Instead, we leverage authorize.net's Customer Information Manager service to store credit card information on authorize.net's ultra-secure servers. As a result, there is no possibility that credit card information is compromised in the very unlikely event of a security breach of our database.

Security Audit

Redspin, Inc., a leading provider of penetration testing services and IT security audits, completed its most recent security audit of Rotunda Software, LLC in May 2019. After a thorough audit of our external network, application services and validation services, Redspin, Inc. concluded:

"Our assessments provide a reasonable basis for determining overall security risk. Rotunda Software, LLC employs an above-average level of security controls on their application, and the overall security posture of Rotunda Software appears to be well above industry average."

John R. Nye
Sr. Director, Redspin, Inc.
